Skip to main content

Absolute Secure Access EUVDEUVD-2026-44801

| CVE-2026-33445 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-07-15 Absolute
8.7
CVSS 4.0 · Vendor: Absolute
Share

Severity by source

Vendor (Absolute) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.9 MEDIUM

AC:H because exploitation requires intimate knowledge and total control of the tunnel protocol; network-reachable with availability-only impact, so C:N/I:N/A:H.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Absolute).

CVSS VectorVendor: Absolute

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 15, 2026 - 22:33 EUVD
Analysis Generated
Jul 15, 2026 - 21:02 vuln.today
CVE Published
Jul 15, 2026 - 20:13 cve.org
HIGH 8.7

DescriptionCVE.org

CVE-2026-33445 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server.

AnalysisAI

Persistent denial-of-service in Absolute Secure Access servers before version 14.55 allows a remote attacker with deep, low-level command of the tunnel protocol to corrupt server-side memory management and keep the server down. The flaw carries a CVSS 4.0 base score of 8.7 driven entirely by an availability (VA:H) impact, with no confidentiality or integrity consequence. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach internet-facing Secure Access server
Delivery
Establish/control tunnel protocol session
Exploit
Send crafted protocol state to trip memory fault
Execution
Corrupt server memory management
Persist
Server persistently crashes or hangs
Impact
Remote access unavailable to users

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to have, per the vendor description, 'intimate knowledge of and total control over the tunnel protocol' - meaning the ability to craft and drive arbitrary Secure Access tunnel-protocol exchanges, not merely send generic network traffic. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H) rates this network-reachable, unauthenticated, and low-complexity, yielding 8.7 (High) with pure availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who understands the Absolute Secure Access tunnel protocol at a low level connects to an internet-facing server and drives the tunnel into a crafted state that trips the memory-management fault, leaving the server hung or crashed and unable to serve legitimate remote users until manual intervention. Because the failure is persistent rather than transient, a single successful attempt can cause a sustained outage. …
Remediation Upgrade Absolute Secure Access servers to version 14.55 or later, which is the vendor-released patch (affected = prior to 14.55); consult the advisory at https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33445 for the exact build and upgrade guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Absolute Secure Access deployments running versions before 14.55, categorize by business criticality, and initiate vendor contact to determine patch timeline. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-40952 HIGH
8.5 Jul 15

Local privilege escalation in Absolute Secure Access for Windows (client and server) before version 14.55 allows a low-p

CVE-2025-49080 HIGH
7.5 Jun 12

Memory management vulnerability in Absolute Secure Access server versions 9.0 through 13.54 that allows unauthenticated,

CVE-2026-0517 HIGH
7.5 Jan 17

Secure Access Server versions before 14.20 are vulnerable to a network-based denial-of-service attack where unauthentica

CVE-2026-33443 HIGH
7.1 Jul 15

Persistent denial-of-service in Absolute Secure Access servers before version 14.55 allows an authenticated tunnel parti

CVE-2026-40950 HIGH
7.1 Apr 30

Buffer overflow in Absolute Secure Access server (versions before 14.50) allows authenticated remote attackers with modi

CVE-2026-33444 MEDIUM
6.9 Jul 15

Non-persistent denial-of-service against Absolute Secure Access servers prior to version 14.55 is achievable by an attac

CVE-2026-55398 MEDIUM
6.9 Jul 15

Memory management flaw in Absolute Secure Access prior to version 14.55 allows a remote attacker with deep protocol know

CVE-2026-40953 MEDIUM
6.7 Jul 15

Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions p

CVE-2026-40957 MEDIUM
6.1 Jul 15

Frameable content on the Absolute Secure Access server login page (versions prior to 14.55) enables clickjacking attacks

CVE-2025-54088 MEDIUM
6.1 Oct 02

CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the c

CVE-2024-37345 MEDIUM
5.4 Jun 20

There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to

CVE-2024-37343 MEDIUM
5.4 Jun 20

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prio

Share

EUVD-2026-44801 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy